CVE-2024-5629

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions PyMongo versions 4.6.2 and earlier

Description The issue is related to an out-of-bounds read in the 'bson' module, allowing deserialization of malformed BSON provided by a server. This can lead to an exception that may contain arbitrary application memory, potentially revealing confidential information or causing a denial of service.

Recommendations For PyMongo versions 4.6.2 and earlier, update to version 4.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the 'bson' module until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025:8419

ALT-PU-2025-10173

AZL-42682

AZL-42726

BDU:2024-04925

CESA-2025_8419

CVE-2024-5629

DLA-3832-1

DLA-3889-1

GHSA-M87M-MMVP-V9QM

GHSA-PP84-V3MW-GG4W

INFSA-2025_8419

RHSA-2025:8419

RHSA-2025_8419

USN-6904-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Pymongo

Red Hat

Red Os

Rocky Linux

Ubuntu

CVE-2024-5629

Weakness Enumeration

Related Identifiers

Affected Products

References · 41